On Invariants to Characterize the State Space for Sequential Logic Synthesis and Formal Verification
UC Berkeley PhD Defense. Student: Mike Case. Advisor: Bob Brayton. March 31, 2009


Presentation Transcript


  1. On Invariants to Characterize the State Space for Sequential Logic Synthesis and Formal Verification UC Berkeley PhD Defense Student: Mike Case Advisor: Bob Brayton March 31, 2009

  2. Outline
     • Synergy Between Synthesis and Verification
     • Invariants to Characterize the State Space
     • Synthesis Applications
       • Resubstitution
       • ODCs
     • Verification Applications
       • Interpolation
       • Induction
       • Targeted Invariants
     Mike Case PhD Defense

  3. Outline (recap of slide 2)

  4. Synthesis For Verification
     [Figure: a design (inputs, registers, property p) of size N is reduced by synthesis to one of size n < N; the verification question is then asked of the smaller design.]
     ∃ input sequence s.t. p(t) = 1 for some t?

  5. Verification for Synthesis
     [Figure: two designs A and B (inputs, registers), unrolled over time.]
     Prove A = B

  6. Reachable States
     [Figure: the state space split into reachable states, containing the initial state, and unreachable states.]
     • Verification: Don’t verify unreachable states
     • Synthesis: Don’t preserve behavior on unreachable states

  7. Outline (recap of slide 2)

  8. Invariants As Reachability Approximation
     [Figure: the reachable state set lies inside a candidate invariant C; the proved invariants I over-approximate the reachable state set.]
     If C is proved, R := C ∩ R
     [Case et al., “Inductively Finding a Reachable State Space Over-Approximation,” IWLS 2006]

  9. Basic Flow
     Discover Candidate Invariants (Simulation) → Prove Candidate Invariants (Induction) → Approximate Reachability

  10. Discovering Candidate Invariants
     [Figure: a table of simulation patterns seen on signals A, B, C, D, from which the local properties C = 0 and A = B are read off.]
     • Extract “interesting” local properties
     • Find the N “best” candidates and subset
     [Case et al., “Inductively Finding a Reachable State Space Over-Approximation,” IWLS 2006]

  11. What Type of Candidate Invariants?
     • Constants: very few in number; very crude reachability approximation
     • Equivalences: few in number; crude reachability approximation
     • Implications: very numerous, O(n²); OK reachability approximation
     • k-Cuts: manageable number of candidates, O(n); local, OK reachability approximation
     • Random clauses: currently use a fixed number of random 3-literal clauses; not local, can often strengthen reachability
     [Case et al., “Invariant-strengthened elimination of dependent state elements,” FMCAD 2008]

  12. Induction
     • Base Case: candidate invariant holds in the initial state(s)
     • Inductive Step: ∀ states where the candidate holds, it also holds in all next states
     [Figure: the design with inputs and registers A, B, and its unrolling into Frame 1 (A1, B1) and Frame 2 (A2, B2) with symbolic inputs in place of the registers.]
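The flow of slides 9 through 12 (simulate, extract local properties, prove them together by induction in waves) on a constructed circuit, as an added example that is not code from the talk. The ring counter, the extra registers w, z, q, m, the step count and the seed are all my own choices; the candidate types follow slide 11 (constants, equivalences, implications, and optionally all 3-literal clauses over the remaining signals instead of a random subset). The second run shows the point of the random clauses: the constant m = 1 is true but is only inductive once the clause r0 ∨ r1 ∨ r2 rules out the all-zero state.

```python
import random
from itertools import combinations, product

# Constructed example circuit (not from the talk): a 3-register one-hot ring
# counter r0, r1, r2 with enable input e, plus extra registers chosen so that
# every candidate type on slide 11 has something to find:
#   w: delayed copy of r1        z: stuck at 0
#   q: same next-state function and initial value as r0 (so q == r0)
#   m: OR of the ring registers (always 1, but not inductive on its own)
REGS = ("r0", "r1", "r2", "w", "z", "q", "m")
INIT = {"r0": 1, "r1": 0, "r2": 0, "w": 0, "z": 0, "q": 1, "m": 1}

def next_state(s, e):
    return {"r0": s["r2"] if e else s["r0"],
            "r1": s["r0"] if e else s["r1"],
            "r2": s["r1"] if e else s["r2"],
            "w": s["r1"],
            "z": s["z"] & e,
            "q": s["r2"] if e else s["q"],
            "m": s["r0"] | s["r1"] | s["r2"]}

def as_tuple(s):
    return tuple(s[r] for r in REGS)

def holds(clause, t):
    """A candidate is a clause: a frozenset of (register, value) literals,
    at least one of which must hold in state tuple t."""
    return any(t[REGS.index(r)] == v for r, v in clause)

def simulate(steps=2000, seed=1):
    """Random simulation from the initial state (slide 9, 'discover');
    returns the set of state tuples seen, always including the initial state."""
    rng, s, seen = random.Random(seed), dict(INIT), set()
    for _ in range(steps):
        seen.add(as_tuple(s))
        s = next_state(s, rng.randint(0, 1))
    return seen

def extract_candidates(seen, with_3clauses=False):
    """Slides 10/11: local properties that held on every simulated state."""
    column = {r: tuple(t[i] for t in sorted(seen)) for i, r in enumerate(REGS)}
    cands = set()
    const = {r for r in REGS if len(set(column[r])) == 1}
    cands |= {frozenset({(r, column[r][0])}) for r in const}        # constants
    reps = []                                                        # equivalences
    for r in REGS:
        if r in const:
            continue
        twin = next((p for p in reps if column[p] == column[r]), None)
        if twin is None:
            reps.append(r)
        else:   # r == twin, stored as the two clauses (r | !twin) & (!r | twin)
            cands |= {frozenset({(r, 1), (twin, 0)}), frozenset({(r, 0), (twin, 1)})}
    widths = (2, 3) if with_3clauses else (2,)                      # implications, clauses
    for k in widths:
        for regs in combinations(reps, k):
            for vals in product((0, 1), repeat=k):
                clause = frozenset(zip(regs, vals))
                if all(holds(clause, t) for t in seen):
                    cands.add(clause)
    return cands

def prove_by_induction(cands):
    """Slides 12/13: k=1 induction over the whole candidate set, in waves.
    The base case holds by construction (the initial state was simulated).
    Each wave drops every candidate that some candidate-satisfying state can
    violate in one step; repeat until a wave drops nothing."""
    alive = set(cands)
    while True:
        dropped = set()
        for t in product((0, 1), repeat=len(REGS)):
            if all(holds(c, t) for c in alive):
                for e in (0, 1):
                    n = as_tuple(next_state(dict(zip(REGS, t)), e))
                    dropped |= {c for c in alive if not holds(c, n)}
        if not dropped:
            return alive
        alive -= dropped

if __name__ == "__main__":
    seen = simulate()
    for flag in (False, True):
        proved = prove_by_induction(extract_candidates(seen, flag))
        print("with 3-literal clauses:", flag, "proved m=1:", frozenset({("m", 1)}) in proved)
```

Without the 3-literal clauses the first wave drops m = 1 (the all-zero ring state satisfies every binary clause and has next m = 0) while z = 0, q == r0 and the one-hot implications survive; with them the candidate-satisfying states are exactly the reachable ones and everything is proved.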

  13. Computation Waves
     [Figure: computation waves of k=1 induction followed by k=2 induction.]
     [Case et al., “Invariant-strengthened elimination of dependent state elements,” FMCAD 2008]

  14. Storing Implications Efficiently
     • Design with 5k AND nodes, 1k registers can have 100k implication candidates
     [Figure: an AIG with nodes a–g.]
     [Case et al., “Inductively Finding a Reachable State Space Over-Approximation,” IWLS 2006]

  15. Storing Implications Efficiently
     [Figure: an implication graph over nodes A–G beside its transitively reduced implication graph.]
     • Algorithms developed to always maintain an equivalent but reduced set of implications
     [Case et al., “Maintaining A Minimum Equivalent Graph In The Presence of Graph Connectivity Changes,” Tech. Rpt. 2007]

  16. Storing Implications Efficiently
     [Case et al., “Maintaining A Minimum Equivalent Graph In The Presence of Graph Connectivity Changes,” Tech. Rpt. 2007]
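An added example of the reduced implication store of slides 15 and 16, written for this page and not taken from the talk or the technical report: implications are kept as a directed graph that stays transitively reduced as edges arrive, so a stored edge is dropped the moment another path implies it. The literal naming (`!x` for the negation of `x`), the acyclicity assumption (mutually implying literals would first be merged into one node) and the demo edges are my own.

```python
from collections import defaultdict

class ImplicationGraph:
    """Implications a -> b kept as a directed graph that is always
    transitively reduced: an edge is stored only while no other path
    already implies it. Assumes the graph is acyclic (assumption of this
    example: equivalent literals are merged before insertion)."""

    def __init__(self):
        self.succ = defaultdict(set)

    def reaches(self, a, b, skip=None):
        """Is there a path a ->* b? `skip` names one edge to ignore."""
        stack, seen = [a], set()
        while stack:
            x = stack.pop()
            if x == b:
                return True
            if x in seen:
                continue
            seen.add(x)
            stack.extend(y for y in self.succ[x] if (x, y) != skip)
        return False

    def implies(self, a, b):
        """Query the implied (transitive) relation, not just stored edges."""
        return a != b and self.reaches(a, b)

    def add(self, a, b):
        """Insert a -> b. Returns False when it was already implied.
        Otherwise the edge is stored and every existing edge u -> v that
        the new path makes redundant (u ->* a and b ->* v) is removed;
        removing a redundant edge never changes reachability, so checking
        each edge against the current graph is enough."""
        if a == b or self.reaches(a, b):
            return False
        self.succ[a].add(b)
        for u in list(self.succ):
            for v in list(self.succ[u]):
                if (u, v) != (a, b) and self.reaches(u, v, skip=(u, v)):
                    self.succ[u].discard(v)
        return True

    def edges(self):
        return {(u, v) for u in list(self.succ) for v in self.succ[u]}

def negate(lit):
    return lit[1:] if lit.startswith("!") else "!" + lit

def add_implication(g, a, b):
    """a -> b and its contrapositive !b -> !a are the same fact; store both."""
    return g.add(a, b) | g.add(negate(b), negate(a))

def demo():
    """Constructed candidate implications: a -> d is stated directly and
    later becomes redundant once a -> b -> c -> d is known, so it is dropped."""
    g = ImplicationGraph()
    for a, b in [("a", "d"), ("a", "b"), ("b", "c"), ("c", "d")]:
        add_implication(g, a, b)
    return g

if __name__ == "__main__":
    g = demo()
    print(sorted(g.edges()), g.implies("a", "d"))
```

After the four insertions only six edges remain (three implications and their contrapositives), yet `implies("a", "d")` still answers yes and a later `add("a", "c")` is rejected as already implied.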

  17. Outline (recap of slide 2)

  18. Direct Vs. Indirect Sequential Synthesis
     • Direct Sequential Synthesis
       • Do sequential analysis within synthesis
       • Can be expensive
       • Characterizes state space in ways directly applicable to synthesis
     • Indirect Sequential Synthesis
       • Find invariants and leverage them in combinational synthesis
       • Invariants can be expensive, combinational synthesis usually cheap
       • State space is characterized, but maybe not in the way synthesis needs
       • Can recycle invariants across multiple runs
     [Case, previously unpublished work]

  19. Outline (recap of slide 2)

  20. Resubstitution Overview
     [Figure: node X, originally computed by its own logic, is re-expressed as a function of the existing nodes g1, g2, g3.]

  21. SAT-Based Resubstitution
     [Lee et al., “Scalable exploration of functional dependency by interpolation and incremental sat solving,” ICCAD 2007]
     • Resubstitution exists iff for any two logical assignments: pairwise equal g’s → equal X’s
     • Dependency function derived from the interpolant
     [Figure: two copies of the circuit (Circuit Copy 1, Circuit Copy 2) with g1, g2, g3 constrained pairwise equal and X constrained to 1 in one copy and 0 in the other.]

  22. Resubstitution Test Function
     Focus on next state functions
     • For a particular state var S, next(S1) = 1 ∧ next(S2) = 0
     • For every other state var T, next(T1) = next(T2)
     [Figure: two copies of the next state functions over inputs / current state.]
     [Case et al., “Invariant-strengthened elimination of dependent state elements,” FMCAD 2008]

  23. Register Elimination
     1) Original circuit (registers A, B, C)
     2) Re-express next state function
     3) Eliminate latch by separating time 0 and time > 0 behavior
     [Figure: the eliminated register is replaced by a mux selecting its initial state when time == 0 and the re-expressed function otherwise.]

  24. Indirect Sequential Synthesis
     Resubstitution Test Function
     • For a particular state var S, next(S1) = 1 ∧ next(S2) = 0
     • For every other state var T, next(T1) = next(T2)
     • Invariants = 1
     [Figure: as on slide 22, with the invariants asserted on both copies.]
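The test of slides 22 and 24 and the elimination of slide 23, carried out by exhaustive enumeration on a constructed three-register circuit; this is an added example, not the talk's implementation, and it replaces the two-copy SAT check and the interpolant with a truth table (a pair of assignments that agree on every other next-state value but disagree on next(S) is found by a dictionary collision). The ring registers a, b, the register s with next-state function a ^ e, and the assumed already-proved invariant a ≠ b are my choices. Without the invariant s is not a function of the other next-state functions (the unreachable state a = b = 0 supplies the refuting pair); with it, next(s) = next(a), and s can be eliminated.

```python
from itertools import product

# Constructed example (not the talk's design): registers a and b form a
# two-element one-hot ring (initially a=1, b=0), register s has next-state
# function a ^ e, and e is the only input. The invariant "a != b" is assumed
# to have been proved already (slides 8-13).
REGS = ("a", "b", "s")
INIT = {"a": 1, "b": 0, "s": 0}

def next_state(st, e):
    return {"a": st["b"] if e else st["a"],
            "b": st["a"] if e else st["b"],
            "s": st["a"] ^ e}

def invariant(st):
    return st["a"] != st["b"]

def dependency(target, constraint=None):
    """Slide 22/24 test for state variable `target`: two (state, input)
    assignments with equal next values on every other register but different
    next(target) refute the dependency. Returns next(target) as a table keyed
    by the other registers' next values, or None when no dependency exists.
    `constraint` restricts the current states considered (Invariants = 1)."""
    others = [r for r in REGS if r != target]
    table = {}
    for bits in product((0, 1), repeat=len(REGS)):
        st = dict(zip(REGS, bits))
        if constraint is not None and not constraint(st):
            continue
        for e in (0, 1):
            ns = next_state(st, e)
            key = tuple(ns[r] for r in others)
            if table.setdefault(key, ns[target]) != ns[target]:
                return None                       # the refuting pair of copies
    return table

def derived_value(target, table, others_now, first_cycle):
    """Slide 23 step 3: at time 0 the eliminated register shows its initial
    value; afterwards it holds last cycle's next(target), which the table
    recomputes from the other registers' current values."""
    if first_cycle:
        return INIT[target]
    return table.get(others_now, INIT[target])    # missing key: unreachable, don't care

def bounded_equivalence(target, table, depth=6):
    """Check the reduced machine (registers minus `target`, plus a time == 0
    flag) against the original on every input sequence of length `depth`."""
    others = [r for r in REGS if r != target]
    for seq in product((0, 1), repeat=depth):
        full = dict(INIT)
        red, first = {r: INIT[r] for r in others}, True
        for e in seq:
            v = derived_value(target, table, tuple(red[r] for r in others), first)
            if v != full[target]:
                return False
            full = next_state(full, e)
            step = next_state(dict(red, **{target: v}), e)
            red, first = {r: step[r] for r in others}, False
    return True

if __name__ == "__main__":
    print("combinational:", dependency("s"))
    table = dependency("s", invariant)
    print("with invariant:", table, "equivalent:", bounded_equivalence("s", table))
```

The table returned under the invariant maps (next a, next b) = (1, 0) to 1 and (0, 1) to 0, i.e. next(s) = next(a); the bounded check confirms the reduced machine tracks the original from the initial state.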

  25. Direct Sequential Synthesis
     • Resubstitution exists iff: (A = A’) ∧ (B = B’) → (X = X’)
     [Figure: two copies of registers A, B, X and A’, B’, X’ unrolled over two time frames; the free variables sit in frame 1, and the constraints (A ≠ A’), (B ≠ B’), (X = X’) together with X = 1 in one copy and X = 0 in the other appear in frame 2.]
     [Case, previously unpublished work]

  26. Results
     [Figure: a diagram comparing six formulations, Combinational Formulation, Invariant-Strengthened Combinational, k=1 Induction (SXS Default), Invariant-Strengthened k=1, k=2 Induction, and Invariant-Strengthened k=2. The arrows between them are labelled +28% regs removed; +31% regs removed, -4% runtime; +27% regs removed; +447% regs removed, +205% runtime; and +21% regs removed.]

  27. Outline (recap of slide 2)

  28. Node Merging
     • Definition: merging signals A and B means replacing one by the other
     • Simple yet powerful operation
     • Basis for many successful synthesis algorithms
     [Figure: merge(A, B).]

  29. Combinational Observability Visualization
     [Figure: combinational logic driven by arbitrary inputs; the correct and incorrect values of the merged node must be indistinguishable at the outputs.]
     [Zhu et al., “Sat sweeping with local observability don’t care,” DAC 2006]

  30. Sequential Observability Visualization
     [Figure: combinational logic between current state and next state, with an unreachable state marked: it is OK to change unreachable state behavior.]
     [Case et al., “Merging nodes under sequential observability,” DAC 2008]

  31. Combinational Case
     [Figure: the two merge candidates are compared (== ??) at the outputs.]

  32. Indirect Sequential Synthesis
     [Figure: the same comparison (== ??) with Invariants = 1 asserted on the current state.]
     [Case, previously unpublished work]

  33. Direct Sequential Synthesis
     [Figure: the same comparison (== ??) made with sequential analysis inside the merge test.]
     [Case et al., “Merging nodes under sequential observability,” DAC 2008]
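The merge tests of slides 29, 31 and 32 on a constructed circuit, as an added example that is not the talk's code: a merge replaces node x by node y, and it is legal when no observed signal (next-state functions and output) changes for any current state and input that the constraint admits. With no constraint this is the combinational observability check; with the assumed already-proved invariant a ≠ b it is the indirect sequential check, which is allowed to change behaviour in unreachable states. The nodes, registers and invariant are my choices; the direct sequential test of slide 33 is not reproduced.

```python
from itertools import product

# Constructed example (not the talk's benchmark): registers a, b form a
# one-hot ring (initially a=1, b=0) driven by input e. The invariant
# "a != b" is assumed already proved. Nodes are listed in topological order.
def n1(v): return v["a"] and not v["b"]          # equals a only when a != b
def n2(v): return v["a"]
def n3(v): return v["a"] or v["e"]               # differs from n4 only when a = 0 ...
def n4(v): return v["a"] or not v["e"]
def next_a(v): return (v["e"] and v["b"]) or (not v["e"] and v["n1"])
def next_b(v): return (v["e"] and v["n2"]) or (not v["e"] and v["b"])
def out(v): return v["n3"] and v["n2"]           # ... where out masks it (combinational ODC)

NODES = [("n1", n1), ("n2", n2), ("n3", n3), ("n4", n4),
         ("next_a", next_a), ("next_b", next_b), ("out", out)]
FN = dict(NODES)
OBSERVED = ("next_a", "next_b", "out")
INIT = {"a": True, "b": False}

def invariant(state):
    return state["a"] != state["b"]

def evaluate(state, e, merge=None):
    """merge=(x, y): node x is replaced by node y (y must not depend on x)."""
    v = dict(state, e=e)
    for name, fn in NODES:
        v[name] = FN[merge[1]](v) if merge and name == merge[0] else fn(v)
    return v

def merge_legal(x, y, constraint=None):
    """Is replacing x by y unobservable at OBSERVED for every (state, input)
    that `constraint` admits? No constraint: combinational check (slide 29/31).
    constraint=invariant: indirect sequential check (slide 32)."""
    for a, b, e in product((False, True), repeat=3):
        state = {"a": a, "b": b}
        if constraint is not None and not constraint(state):
            continue
        orig, merged = evaluate(state, e), evaluate(state, e, (x, y))
        if any(orig[o] != merged[o] for o in OBSERVED):
            return False
    return True

def behaves_the_same(merge):
    """Independent check: from the initial state, every reachable state and
    input gives identical observed values before and after the merge."""
    seen, stack = [], [INIT]
    while stack:
        state = stack.pop()
        if state in seen:
            continue
        seen.append(state)
        for e in (False, True):
            orig, merged = evaluate(state, e), evaluate(state, e, merge)
            if any(orig[o] != merged[o] for o in OBSERVED):
                return False
            stack.append({"a": orig["next_a"], "b": orig["next_b"]})
    return True

if __name__ == "__main__":
    print("n3<-n4 combinational:", merge_legal("n3", "n4"))
    print("n1<-n2 combinational:", merge_legal("n1", "n2"),
          "under invariant:", merge_legal("n1", "n2", invariant))
```

Replacing n3 by n4 is legal even combinationally (their difference is masked by `out`); replacing n1 by n2 is observable at `next_a` in the state a = b = 1, so it fails the combinational test, but that state is unreachable and the test under the invariant accepts it.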

  34. Summarized Experimental Results
     • 6 synthesis benchmarks from IBM
       • Combinational reduced ANDs by 1%, registers by 2.1%
       • Indirect Sequential reduced ANDs by 1.2%, registers by 2.5%
       • Direct Sequential reduced ANDs by 4%, registers by 1%
     • 83 property checking benchmarks from IBM
       • Combinational reduced ANDs by 5%, registers by 0.4%
       • Indirect Sequential reduced ANDs by 6.3%, registers by 1.1%
     • 28 ISCAS89 (academic) benchmarks
       • Combinational techniques gave no reductions
       • Direct Sequential reduced ANDs by 10%, registers by 0%

  35. Outline (recap of slide 2)

  36. Constrained Interpolation
     • Interpolation explores an approximation to the reachable state space
     • Invariants can bound this approximation, and eliminate spurious counterexamples
     [Figure: the interpolation approximation clipped by the invariants.]
     [Case et al., “A hybrid model checker,” Tech. Rpt. 2006]

  37. Summarized Experimental Results
     • Experiments run inside IBM
     • Started with 91 hard property checking benchmarks
       • 1-hour BMC → 83 benchmarks
       • 1-hour induction
       • 1-hour interpolation → 78 benchmarks
       • 10-minute invariant generation
       • 1-hour interpolation → 74 benchmarks

  38. Outline (recap of slide 2)

  39. Constrained Induction
     • ∃ properties not provable with induction
     • Unreachable “induction leaks”
     • Invariants can bound the explored states and help inductivity
     [Figure: states satisfying p that leak to ¬p lie outside the invariants.]
     [Case, previously unpublished work]

  40. Summarized Experimental Results
     • Started with 91 hard property checking benchmarks
       • 1-hour BMC → 83 benchmarks
       • 1-hour induction
       • 1-hour interpolation → 78 benchmarks
       • 10-minute invariant generation
       • 1-hour induction → 77 benchmarks

  41. Outline (recap of slide 2)

  42. Targeted Invariants
     [Figure: states S0, S1, S2, S3, each paired with its own candidate set {C0}, {C1}, {C2}, {C3}, shown alongside the invariants, p and ¬p.]
     [Case et al., “Automated extraction of inductive invariants to aid model checking,” FMCAD 2007]

  43. Conclusion
     • Invariants provide info about the state space
     • Invariants are efficient to: 1) discover, 2) prove, and 3) use
     • Beneficial in synthesis by enabling Indirect Sequential Synthesis
     • Beneficial in verification by bounding the state space

  44. Backup Material

  45. Taxonomy of Merge-Based Transformations
     [Figure: transformations plotted by ability to modify the logic / FSM against computational complexity. Does not change NS logic (combinational): combinational equivalences, combinational redundancies, combinational observability merges. Preserves reachable NS logic (sequential): sequential equivalences, sequential redundancies, sequential observability merges (direct sequential synth).]

  46. Bit Parallel Sim
     [Figure: an AND node out = A & B in the machine word view: A = 0111…, B = 0011…, out = 0011…. Each bit position of the words is one of the vectors to simulate, so all vectors are simulated in 1 machine instruction.]

  47. Effective At Aiding Unbounded Verification
     • “Hybrid model checker” class project: strengthen interpolation with implications
     • Comparison not 100% fair: time to derive invariants not counted
     [Case et al., “A Hybrid Model Checker,” Berkeley Technical Report 2006]

  48. Targeted Invariants (backup copy of slide 42)
     [Figure: states S0, S1, S2, S3, each paired with its own candidate set {C0}, {C1}, {C2}, {C3}, shown alongside the invariants, p and ¬p.]

  49. Targeted Invariant Generation
     [Case et al., “Automated Extraction of Inductive Invariants to Aid Model Checking,” FMCAD 2007]
